

Rewterz Threat Advisory – CVE-2021-42278 – Microsoft Windows privilege escalation
December 21, 2021
Rewterz Threat Advisory – VMware Workspace ONE Access and Identity Manager server-side
December 21, 2021
Severity
Medium
Analysis Summary
CVE-2021-43083
Apache PLC4X could allow a local attacker to execute arbitrary code on the system, caused by an integer underflow inside the TCP transport. By sending a specially-crafted server response, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-41561
Apache Parquet-MR is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted Parquet file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2021-44548
Apache Solr could allow a remote attacker to obtain sensitive information, caused by an improper input validation flaw in DataImportHandler. By using a specially-crafted UNC path, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Denial of Service
- Information Disclosure
Affected Vendors
Apache
Affected Products
- Apache PLC4X 0.9.0
- Apache Parquet-MR 1.9.0
- Apache Parquet-MR 1.10.0
- Apache Parquet-MR 1.11.0
- Apache Parquet-MR 1.12.0
- Apache Solr 8.11.0
Remediation
Upgrade each affected Apache product to its latest version, available from the corresponding Apache project site.
CVE-2021-43083
https://plc4x.apache.org/
CVE-2021-41561
https://github.com/apache/parquet-mr
CVE-2021-44548
https://solr.apache.org/